Unpatched Java flaw Hit in Targeted Attacks, Researchers Say

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Computerworld: Researchers from several security firms are warning about a new attack which targets a vulnerability in Java 7 Update 6, the latest version of Java. The attack code is hosted by a website with a Chinese IP address and delivers malware from servers in Singapore. The malware appears to be a variation of Poison Ivy, a Trojan used for cyberespionage.

“This vulnerability is not a ‘memory corruption’ type vulnerability, but instead seems to be a security bypass issue that allows running untrusted code outside the sandbox without user interaction,” explained Carsten Eiram of security vendor Secunia. “In this specific case a file is downloaded and executed on the user’s system when just visiting a web page hosting a malicious applet.”

Oracle has not said when it will release a patch for the problem. “We are not aware of any fixes or workarounds except disabling/uninstalling Java,” noted Eiram.

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles